 def testNoAccessToken(self):
     """ Test that a request to a protected resource carrying no token at all is rejected. """
     request = MockRequest('GET', 'protectedResource')
     authorized = isAuthorized(request, 'scope')
     self.assertFalse(
         authorized,
         msg='Expected isAuthorized to reject a request without a token.')
     # A missing token must be reported as such, not as an invalid one.
     expectedError = MissingTokenError(['scope'])
     self.assertFailedProtectedResourceRequest(request, expectedError)
 def testAccessTokenInBodyWrongMethod(self):
     """
     Test that a valid token placed in the request body is not accepted
     when the request was not sent with the POST method.
     """
     arguments = {'access_token': self.VALID_TOKEN}
     request = MockRequest('GET', 'protectedResource', arguments=arguments)
     # The body encoding is correct; only the method is wrong.
     request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')
     authorized = isAuthorized(request, self.VALID_TOKEN_SCOPE)
     self.assertFalse(
         authorized,
         msg='Expected isAuthorized to reject a request with a valid token in the '
             'request body that was not send with the POST method.')
     # A body token on a non-POST request counts as no token at all.
     expectedError = MissingTokenError(self.VALID_TOKEN_SCOPE)
     self.assertFailedProtectedResourceRequest(request, expectedError)
 def testAccessTokenInBodyWrongContentType(self):
     """
     Test that a valid token in the body of a POST request is not accepted
     when the Content-Type is not the form encoding.
     """
     arguments = {'access_token': self.VALID_TOKEN}
     request = MockRequest('POST', 'protectedResource', arguments=arguments)
     # The method is correct; only the content type is wrong.
     request.setRequestHeader('Content-Type', 'application/other')
     authorized = isAuthorized(request, self.VALID_TOKEN_SCOPE)
     self.assertFalse(
         authorized,
         msg='Expected isAuthorized to reject a request with a valid token in the '
             'request body with a content type that is not '
             '"application/x-www-form-urlencoded".')
     # A body token with the wrong encoding counts as no token at all.
     expectedError = MissingTokenError(self.VALID_TOKEN_SCOPE)
     self.assertFailedProtectedResourceRequest(request, expectedError)
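def isAuthorized(request, scope, allowInsecureRequestDebug=False):
    """
    Returns True if the token in the request grants access to the given
    scope. The token is validated via the authTokenStorage singleton
    given to the TokenResource instance. If the token is invalid,
    does not grant access to the scope or was not sent via a secure
    protocol, False is returned, an error is written to the request
    and the request is closed.
    You cannot write to the request if this function returned False!
    :param request: The request.
    :param scope: The scope or list of scopes the token must grant access to.
    :param allowInsecureRequestDebug: Allow requests to originate from
           insecure connections. Only use for local testing!
    :return: True, if the request is authorized, False otherwise.
    """
    error = None
    # Normalize to a list so the storage and the error classes always get one.
    # isinstance (rather than type() == list) also accepts list subclasses
    # instead of wrapping them into a one-element list of lists.
    scope = scope if isinstance(scope, list) else [scope]
    # The transport check comes first: on an insecure connection the request
    # is refused before the token is even read from it.
    if not (allowInsecureRequestDebug or request.isSecure()):
        error = InsecureConnectionError()
    else:
        try:
            requestToken = _getToken(request)
        except ValueError:
            # A ValueError from _getToken is reported as "more than one token".
            error = MultipleTokensError(scope)
        else:
            if requestToken is None:
                error = MissingTokenError(scope)
            else:
                try:
                    # NOTE(review): assumes _getToken returns bytes — confirm.
                    requestToken = requestToken.decode('utf-8')
                except UnicodeDecodeError:
                    # Deliberate: a token that is not valid UTF-8 falls through
                    # to InvalidTokenRequestError below.
                    pass
                else:
                    tokenStorage = TokenResource.getTokenStorageSingleton()
                    if tokenStorage.contains(requestToken):
                        if tokenStorage.hasAccess(requestToken, scope):
                            return True
                        else:
                            error = InsufficientScopeRequestError(scope)
            # Any remaining case (undecodable or unknown token) is an invalid token.
            if error is None:
                error = InvalidTokenRequestError(scope)
    # Every failure path ends here: the error response is written and the
    # request is finished, so callers must not touch it afterwards.
    request.write(error.generate(request))
    request.finish()
    return False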